Unable to connect with external ODIC sever, a CORS error

hi, I tried connecting with an external self-hosting OIDC server, but web request is blocked by CORS policy.

The config file is almost the same with created by “ocis init” .
Running script is as blow"

export OCIS_INSECURE=true
export OCIS_URL=https://localhost:9200
export OCIS_OIDC_ISSUER=http://127.0.0.1:4444
export WEB_OIDC_CLIENT_ID=58338ea7-3c6d-437f-91fe-e5e81b892777
export IDP_ISS=https://localhost:9200
export PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
export PROXY_AUTOPROVISION_ACCOUNTS=true
# export OCIS_LOG_LEVEL=info
./ocis server

I checked the web extension source, but it seems there is no place to config a CORS policy.
Is it possible?

P.S.
If I use the below command to launch chrome with disabled security.
It works.

open /Applications/Google\ Chrome.app --args --user-data-dir="/var/tmp/chrome-dev-disabled-security" --disable-web-security --disable-site-isolation-trials